You can send requests by constructing normal HTML elements, yes, but you can't read the resulting data. Don't take my word for it: try it and see. If you construct an img element from another domain, you can't read its pixels with canvas. If you construct an iframe with content from another domain, you can't read what's inside. A lot of browser security code, in fact, is dedicated to ensuring that data don't leak across domains.